Table of contents

  • This session has been presented May 13, 2022.

Description

  • Speaker

    Thomas Rokicki (Univ Rennes, CNRS, IRISA)

Microarchitectural side-channel attacks can derive secrets from the execution of vulnerable programs. Their implementation in web browsers represents a considerable extension of their attack surface, as a user simply browsing a malicious website, or even a malicious third-party advertisement in a benign cross-origin isolated website, can be a victim.In this talk, we present the first CPU port contention side channel running entirely in a web browser, despite a highly challenging environment. Our attack can be used to build a cross-browser covert channel with a bit rate of 200bps, one order of magnitude above the state of the art, and has a spatial resolution of 1024 native instructions in a side-channel attack, a performance on-par with Prime+Probe attacks. We provide a framework to evaluate the port contention caused by WebAssembly instructions on Intel processors, allowing to increase the portability of port contention side channels. We conclude from our work that port contention attacks are not only fast, they are also less susceptible to noise than cache attacks, and are immune to countermeasures implemented in browsers as well as most side channel countermeasures, which target the cache in their vast majority.

Practical infos

  • Presentation documents

Next sessions

  • The Battle Against Bots: Current Threats and New Directions to Counter Automated Attacks

    • November 22, 2024 (11:00 - 12:00)

    • Inria Center of the University of Rennes - -Petri/Turing room

    Speaker : Elisa Chiapponi - Amadeus IT Group

    In today's digital landscape, the battle between industry and automated bots is an ever-evolving challenge. Attackers are leveraging advanced techniques such as residential proxies, CAPTCHA farms, and AI-enhanced fingerprint rotations to evade detection and execute functional abuse attacks, including web scraping, denial of inventory, and SMS pumping.  This talk will explore ongoing efforts[…]

    • SoSysec

    • Intrusion detection

  • Safety-Security Convergence of Industrial Control Systems

    • December 13, 2024 (11:00 - 12:00)

    • Inria Center of the University of Rennes - Room Aurigny

    Speaker : Maxime Puys - Université Clermont Auvergne - IUT de Clermont-Ferrand

    Industrial Control Systems (ICS) are designed to provide a service, such as power generation or water treatment, while protecting people, assets, and the environment against hazards. However, ICS now integrate Information Technology (IT) and are interconnected with the outside world such as the Internet, thereby exposing their infrastructures to cyberattacks. Cyberattacks have thus become new[…]

    • SoSysec

    • Intrusion detection

Show previous sessions
Page top